Improved Strongly Deniable Authenticated Key Exchanges for Secure Messaging

Unger, Nik; Goldberg, Ian

doi:10.1515/popets-2018-0003

Cited by 27 publications

(13 citation statements)

References 69 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Unger and Goldberg [82,83] also consider deniable authenticated key exchange (DAKE) protocols for secure messaging. Their protocol permits the optional use of a PQ KEM for ephemeral key exchange to achieve forward secrecy against future-quantum adversaries.…”

Section: Options For Pq Asynchronous Dakementioning

confidence: 99%

“…There are several prior works giving definitions of offline deniability for key exchange [24,25,31,82,83]. Our definition differs from previous ones in that it gives access to secret keys to the Fake algorithm (corresponding to the simulator in simulation-based definitions) and to the adversary (i.e., the judge).…”

Section: Security Model For Asynchronous Deniable Key Exchangementioning

confidence: 99%

“…Prior work defined several notions of offline deniability for authenticated key exchange [24,25,31,82,83]. Based on the work of Dwork, Naor, and Sahai [37] on deniable authentication, Di Raimondo, Gennaro, and Krawczyk defined concurrently deniable (or fully deniable) authenticated key exchange using the simulation paradigm in [31].…”

Section: A Related Work On Deniabilitymentioning

confidence: 99%

See 2 more Smart Citations

Post-quantum Asynchronous Deniable Key Exchange and the Signal Handshake

Brendel

Fiedler

Günther

et al. 2022

Lecture Notes in Computer Science

View full text Add to dashboard Cite

The key exchange protocol that establishes initial shared secrets in the handshake of the Signal end-to-end encrypted messaging protocol has several important characteristics: (1) it runs asynchronously (without both parties needing to be simultaneously online), (2) it provides implicit mutual authentication while retaining deniability (transcripts cannot be used to prove either party participated in the protocol), and (3) it retains security even if some keys are compromised (forward secrecy and beyond). All of these properties emerge from clever use of the highly flexible Diffie-Hellman protocol.While quantum-resistant key encapsulation mechanisms (KEMs) can replace Diffie-Hellman key exchange in some settings, there is no KEM-based replacement for the Signal handshake that achieves all three aforementioned properties, in part due to the inherent asymmetry of KEM operations. In this paper, we show how to construct asynchronous deniable key exchange by combining KEMs and designated verifier signature (DVS) schemes. There are several candidates for post-quantum DVS schemes, either direct constructions or via ring signatures. This yields a template for an efficient post-quantum realization of the Signal handshake with the same asynchronicity and security properties as the original Signal protocol.

show abstract

Section: Options For Pq Asynchronous Dakementioning

confidence: 99%

Section: Security Model For Asynchronous Deniable Key Exchangementioning

confidence: 99%

Section: A Related Work On Deniabilitymentioning

confidence: 99%

See 1 more Smart Citation

Post-quantum Asynchronous Deniable Key Exchange and the Signal Handshake

Brendel

Fiedler

Günther

et al. 2022

Lecture Notes in Computer Science

View full text Add to dashboard Cite

show abstract

“…Their scheme shows high efficiency in the light of comprehensive performance evaluation. Recently, many related protocols [24,25,26,27] have been presented. Jin et al [24] proposed a DAE scheme, and their construction is applicable for e-voting systems.…”

Section: Related Workmentioning

confidence: 99%

“…Jin et al [24] proposed a DAE scheme, and their construction is applicable for e-voting systems. Unger and Goldberg [25] proposed three deniable authenticated key exchange protocols. These three protocols can support forward secrecy against future quantum adversaries.…”

Section: Related Workmentioning

confidence: 99%

Identity-based Deniable Authenticated Encryption for E-voting Systems

2019

KSII TIIS

View full text Add to dashboard Cite

Deniable authentication (DA) is a protocol in which a receiver can generate an authenticator that is probabilistically indistinguishable from a sender. DA can be applied in many scenarios that require user privacy protection. To enhance the security of DA, in this paper, we construct a new deniable authenticated encryption (DAE) scheme that realizes deniable authentication and confidentiality in a logical single step. Compared with existing approaches, our approach provides proof of security and is efficient in terms of performance analysis. Our scheme is in an identity-based environment; thus, it avoids the public key certificate-based public key infrastructure (PKI). Moreover, we provide an example that shows that our protocol is applicable for e-voting systems.

show abstract